handling unstructure data



As we all know SPLUNK can handle un-structure data.

Could any one please let me know how SPLUNK can handle unstructure data..for an example if an audio file has to be imported for analyzing OR a video file OR a PDF file...

Please get me some example how it can handle un-structure data.

I really need it urgently, I am going to use this in my project


0 Karma

Re: handling unstructure data


I think you may have your terms confused, you mean how can Splunk handle binary data. The point of Splunk is that it takes plain text data, sometimes this has structure and sometimes it doesn't but its always usually in plain text.

Splunk can't really work with binary data, normally you would perform some analysis or action on the data beforehand to produce something in plain text that Splunk can handle for analysis. How you do this is up to you and kinda outside the bounds of what Splunk can do.